Acknowledgement sent
to Jeremy Bicha <[email protected]>:
New Bug report received and forwarded. Copy sent to Moodle Packaging Team <[email protected]>.
(Sun, 18 Oct 2009 00:54:04 GMT) (full text, mbox, link).
Package: moodle
Version: 1.9.4.dfsg-0ubuntu4
Severity: normal
Tags: patch
Reported in Ubuntu at https://launchpad.net/bugs/452622
During installation of moodle, the following question is asked:
If access is restricted to localhost, other computers will be
prevented from connecting to this Moodle site. If you wish for others
to be able to use this Moodle site you must not restrict access to
localhost.
Note: Opening your system to connections from remote hosts may have
security implications.
Should access to this Moodle server be restricted to localhost?
If the user answers yes, /etc/apache2/conf.d/moodle includes the lines:
order deny,allow
deny from all
allow from 127.0.0.0/255.0.0.0
The final line needs to be changed to (or at least include):
allow from localhost
Otherwise, the user will only get a 403 Forbidden message and these
show up in the apache2 logs:
[error] [client ::1] client denied by server configuration: /usr/share/moodle/
::1 - - [15/Oct/2009:21:30:58 +0300] "GET /moodle/ HTTP/1.1" 403 500
"-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.3)
Gecko/20091007 Ubuntu/9.10 (karmic) Firefox/3.5.3"
This type of bug is discussed in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526010 where changing
the setting to "allow from localhost" is recommended due to a change
in libc6.
Jeremy
-- System Information:
Debian Release: squeeze/sid
APT prefers karmic-updates
APT policy: (500, 'karmic-updates'), (500, 'karmic-security'), (500,
'karmic-proposed'), (500, 'karmic-backports'), (500, 'karmic')
Architecture: i386 (i686)
Kernel: Linux 2.6.31-14-generic-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages moodle depends on:
ii adduser 3.110ubuntu6 add and remove users and groups
ii apache2-mpm-prefo 2.2.12-1ubuntu2 Apache HTTP Server - traditional n
ii debconf [debconf- 1.5.27ubuntu2 Debian configuration management sy
ii libapache2-mod-ph 5.2.10.dfsg.1-2ubuntu5 server-side, HTML-embedded scripti
ii libdbd-mysql-perl 4.011-1ubuntu1 A Perl5 database interface to the
ii libdbi-perl 1.609-1 Perl Database Interface (DBI)
ii mysql-client 5.1.37-1ubuntu5 MySQL database client (metapackage
ii mysql-client-5.1 5.1.37-1ubuntu5 MySQL database client binaries
ii mysql-server 5.1.37-1ubuntu5 MySQL database server (metapackage
ii mysql-server-5.1 5.1.37-1ubuntu5 MySQL database server binaries
ii php5-cli 5.2.10.dfsg.1-2ubuntu5 command-line interpreter for the p
ii php5-curl 5.2.10.dfsg.1-2ubuntu5 CURL module for php5
ii php5-gd 5.2.10.dfsg.1-2ubuntu5 GD module for php5
ii php5-mysql 5.2.10.dfsg.1-2ubuntu5 MySQL module for php5
ii smarty 2.6.22-1ubuntu2 Template engine for PHP
ii ucf 3.0018ubuntu1 Update Configuration File: preserv
ii unzip 6.0-1 De-archiver for .zip files
ii zip 3.0-1ubuntu1 Archiver for .zip files
Versions of packages moodle recommends:
ii aspell 0.60.6-2 GNU Aspell spell-checker
ii mimetex 1.50-1ubuntu1 LaTeX math expressions to anti-ali
ii php5-ldap 5.2.10.dfsg.1-2ubuntu5 LDAP module for php5
ii php5-xmlrpc 5.2.10.dfsg.1-2ubuntu5 XML-RPC module for php5
Versions of packages moodle suggests:
pn clamav <none> (no description available)
-- debconf information:
* moodle/https_only: false
* moodle/local_only: true
moodle/dbu_name: moodle
* moodle/db_server: mysql-server
* moodle/db_populate:
* moodle/db_create: true
moodle/db_host: localhost
moodle/fqdn_check: true
moodle/pwillegalchar:
moodle/config_php_created:
moodle/notconfigured:
moodle/pwempty:
moodle/pwmismatch:
Source: moodle
Source-Version: 1.9.8-1
We believe that the bug you reported is fixed in the latest version of
moodle, which is due to be installed in the Debian FTP archive:
moodle_1.9.8-1.debian.tar.gz
to main/m/moodle/moodle_1.9.8-1.debian.tar.gz
moodle_1.9.8-1.dsc
to main/m/moodle/moodle_1.9.8-1.dsc
moodle_1.9.8-1_all.deb
to main/m/moodle/moodle_1.9.8-1_all.deb
moodle_1.9.8.orig.tar.gz
to main/m/moodle/moodle_1.9.8.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Xavier Oswald <[email protected]> (supplier of updated moodle package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 20 Jun 2010 16:02:14 +0200
Source: moodle
Binary: moodle
Architecture: source all
Version: 1.9.8-1
Distribution: unstable
Urgency: low
Maintainer: Moodle Packaging Team <[email protected]>
Changed-By: Xavier Oswald <[email protected]>
Description:
moodle - Course Management System for Online Learning
Closes: 302205302207389502475535526543529573551399551402555672574757574969576189581229
Changes:
moodle (1.9.8-1) unstable; urgency=low
.
[Tomasz Muras]
* New Maintainer (closes: #581229, #574969).
* New Upstream Version (closes: #475535).
* Added information about flvplayer to copyright (closes: #526543).
* phpCAS XSS vulnerability fixed in mainstream Moodle 1.9.8 (closes: #574757).
* Several security issues fixed in upstream (closes: #576189).
* Moodle depends on postgresql or MySQL (closes: #551399).
* Re-written to use dbconfig-common (closes: #302205).
* Updated copyright with two new entires (closes: #526543).
* Drop use of wwwconfig (closes: #389502).
* Package is now not creating Apache config automatically (closes: #555672).
It's up to the user to configure the webserver but package provides the
templates.
* Added "allow from localhost" (closes: #551402).
* Asking for wwwroot during the installation (closes: #302207).
* Removing nusoap as it's not necessary for PHP 5 (closes: #529573).
.
[Xavier Oswald]
* Add myself as uploader.
* Bump Stadards-Version to 3.8.4.
* debian/copyright: update with DEP-5 format proposal.
* Switch to dpkg-source 3.0 (quilt) format
.
[Francois Marier]
* Bump debhelper compatibility to 7
* Add a watch file
* debian/control (dependencies)
- Depend on libjs-yui instead of yui (renamed after lenny)
- Add dependency on unzip
- Recommend php5-xmlrpc and aspell
- Suggest clamav
- Demoted mimetex to recommended
* Turn 'dbpersist' on by default in the generated config.php
* Include whitespace warning at the end of generated config.php
* Set the path to du, unzip and zip
* Fix a warning with E_STRICT is turned on
Checksums-Sha1:
b2d23f94232b89ebb4e4764bd3f1a4eb27d6d146 1337 moodle_1.9.8-1.dsc
a9aa0abda327ad72ee97dda6c947b313a4b8b2cb 13677111 moodle_1.9.8.orig.tar.gz
0cb0a49deea6cc2d5eff42993237e93f7349b1bc 16083 moodle_1.9.8-1.debian.tar.gz
68a27922946e4f9098acfd027c3e8c980d74ae71 10019954 moodle_1.9.8-1_all.deb
Checksums-Sha256:
73d738e21711aa47caee57a6aaf88f868d8cb1142f48a4d623501777360c3d32 1337 moodle_1.9.8-1.dsc
702f07a060c19893a544b6310680fdbc646ec0074a5d027a1c167aa13ac36e7c 13677111 moodle_1.9.8.orig.tar.gz
4f9663e2146438bf6776b79b3337d705e4eb874bb19f454ab466bc649f0cff61 16083 moodle_1.9.8-1.debian.tar.gz
7fbd53da63fa089695e52e769681ce68e3b232b6551776d3c3acd8369e7ec1aa 10019954 moodle_1.9.8-1_all.deb
Files:
6fb46d8039407f7ed3770568f6ef452d 1337 web optional moodle_1.9.8-1.dsc
d0fa094b29ce5bf2693e0195bdfc72f4 13677111 web optional moodle_1.9.8.orig.tar.gz
a01eccb8fd811bed7fecd80c32fe6089 16083 web optional moodle_1.9.8-1.debian.tar.gz
5396b88b5f4dd5e475542823f32af1d6 10019954 web optional moodle_1.9.8-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkweS1cACgkQpDDGqoi7tR4m2QCgx9+gyYR9Ps6/Ikapuf5ZQKRJ
SGsAoJWH5yK9Trt4fhl9YiXfv0HWNz0r
=4RyJ
-----END PGP SIGNATURE-----